Gervase Markham wrote:
Idea off the top of my head - please tell me why it won't work.
Could we parse all form submissions over unencrypted channels and put up an alert ("You _really_ don't want to do this!") if any of the fields was a sixteen-digit number which passed the credit-card-number checksum algorithm?
Much of phishing isn't about credit card details so much as *any* information. And, as attackers are able to adjust their policies to suit what's out there, they could also make their sites foil the checks.
(Phisher programmers almost certainly haunt these maillists...)
Yeah, *if* I was such a programmer, wich I am obviously not, I would rather have access to you inbox, because that will give me the ultimate power trip.
/HJ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
